Financial institutions understood early on the importance of being "top of wallet" when it came to winning the "plastic war." Make your ATM, debit or credit card the go-to item for transactions and you're solid with that customer or member (source: www.mobilepaymentstoday.com)

In response to unreliable accounting practices and recent losses in the U.S. stock markets, the Sarbanes–Oxley Act of 2002 was enacted. All publicly traded companies are required to comply with Sarbanes-Oxley (SOX) by implementing an internal controls framework to support accountability and integrity or financial reporting process. Sarbanes-Oxley is required for any publicly traded company in the U.S. including any and all divisions and wholly owned subsidiaries, and to any non-U.S. public multinational company doing business in the U.S.

All financial reporting processes, and executive management including IT environment are subject to Sarbanes-Oxley requirements, and non-compliance may result in financial penalties, and potential jail. Furthermore non-compliance has a direct impact on brand reputation and exposes company to negative publicity that weakens consumer confidence.

Sarbanes-Oxley requires that companies select and implement an internal control framework. As an integrated control COSO (Committee of Sponsoring Organizations of the Treadway Commission) is the internal control framework recommended for SOX compliance, as well as COBIT to design and implement specific IT controls for their environment.

Section 1102: Tampering with a record or otherwise impeding an official proceeding

Sarbanes-Oxley Compliance Program

The Sarbanes-Oxley Compliance Program is designed to answer questions raised by any company that requires Sarbanes-Oxley compliance while evaluating and selecting products to support COBIT IT control objectives for Sarbanes-Oxley requirements. This Compliance Program provides validated evidence about a product’s features and capabilities to support the Sarbanes-Oxley requirements.

The Sarbanes-Oxley Compliance Testing and analysis cover several aspects of the product including:

Compliance Effectiveness

Product Capabilities Support

Scope Impact Analysis and Coverage

Management and Usability

Suitable for Use in and Recommended Configuration

Product Roadmap

Sarbanes-Oxley Compliance Testing criteria

Sarbanes-Oxley Compliance Testing is conducted by trained analysts against the Sarbanes-Oxley Compliance Program criteria, as well as Compliance Labs functional and quality assurance requirements. Sarbanes-Oxley Compliance Program criteria rely on Sarbanes-Oxley requirements intent from auditor’s perspective, companies’ needs, and from queries numerous specialists, including affected products vendors, developers, users and industry groups. The compliance analyst will report the results of each phase of testing in the Reports of Compliance, and will also document the product components submitted by the vendor and the configuration of the product evaluated.

Continuous evaluation process

Compliance Labs developed the continuous evaluation process as a fundamental aspect of the Compliance Labs Sarbanes-Oxley Compliance Program. The continuous evaluation process will monitor new compliance requirements and best practices and update testing criteria to drive product compliance effectiveness and quality over the long period.